Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Password Guessing. Show all posts

Use different Passwords for Different Accounts to Avoid Security Risks

 


Most people repeat the same password across several of their accounts or, what is more serious, set the same password for all their accounts in any way. There is no doubt that this is not a safe practice at all. Cybercriminals are gaining access to databases stolen from breached websites, according to Checkpoint, a provider of cybersecurity solutions. There is an underground market for databases that exist as a result of this lax behavior from cyber criminals. 

Harish Kumar, Head of Enterprise at Checkpoint wrote a blog post in which he warns that using the same password for personal and corporate accounts can be very dangerous since if hackers find a way to obtain credentials for personal accounts, they could potentially gain admin-level access to an organization. 

The report goes on to add that even though people know about the risks of recycling passwords, many of them continue to do so because they find it difficult to manage and memorize many passwords and they do not feel safe doing so. 

The state of passwords in India 

A report regarding password usage by Nordpass found that Indians struggle badly when it comes to passwords. According to the report, "password" was rated as the most popular password in the country, as well as "123456" and "12345678." Each of these password codes took less than a second to crack. This could be one of the reasons why, as of 2017, India ranks as the fourth country in the world when it comes to consumer losses due to cybercrime. However, it is not the only one. 

Several data theft cases have also been reported in India in the past few months. The rise in digital adoption is largely responsible for a jump like this. This can be attributed largely to the pandemic in general and its resultant push toward studying and working online. According to the cyber-security company, many new users of the Internet and companies are unaware of cybersecurity, which is increasing cybercrimes. 

According to Checkpoint, tougher security policies that impose stronger passwords are also counterproductive and, paradoxically, are viewed negatively. 

The benefits of lax cybersecurity for cybercriminals 

This is an extremely crucial point to note that Checkpoint's report emphasizes that attackers were able to quickly identify this negligence. They became aware that they could better utilize these resources on smaller websites with weaker security. 

There is an official requirement from the National Institute of Standards and Technology (NISST) that all passwords should be salted with at least 32 bits and hashed using a one-way key derivation function according to the report. However, many websites fail to adhere to this law, and some even store passwords in plain text. In this manner, hackers can then use the credentials they have stolen from those sites to log into more valuable websites and online services.

Furthermore, Checkpoint adds to note that cybercriminals who hack websites and steal passwords are more likely to be the ones who use them most effectively. This is compared to those who hack websites and take passwords. A more likely option for them would be to sell stolen credentials instead. Depending on whether they unlock admin-level access to an organization, some of these can sell for as much as $120,000 each. 

"Combination lists," which are vast compilations of many databases of stolen email addresses and passwords, are used to compile stolen passwords, a large number of which have already been compromised. There has been a report that describes the largest combo of usernames and passwords of all time, named RockYou2021. This combo contained over 8 billion unique sets of usernames and passwords, as of August 2016. 

Checkpoint states that these stolen credentials are utilized in credential-stuffing attacks against organizations. Cyberterrorists use credentials retrieved from one site after a data breach to log in to another that has been attacked, thus carrying out this type of cyberattack. An extremely common method of committing such attacks involves large-scale automated login requests that are carried out to access accounts such as those set up by users, banking, social media, and a variety of online accounts. 

Staying safe is easy if you know what to do 

A simple way to help keep your passwords safe is to make sure that you do not use them under any circumstances. A compromise of one account can easily lead to a compromise of the other, which will then lead to a chain of attacks. 

It is important to try to come up with creative word combinations. This is because special characters by themselves do not make highly secure passwords if one is a common keyword. A password such as "pass@123" contains letters, numbers, and a symbol, yet according to the Indian Government, it is the sixth most popular password out of the top 100. Also, if possible, you should use two-factor authentication to increase security.

Beware of Ongoing Brute-Force Attacks Against NAS Devices, QNAP Warns

 

Taiwanese firm, QNAP has warned its clients of ongoing attacks targeting QNAP NAS (network-attached storage) devices and urged to strengthen their devices’ security by changing their passwords and default access port number, and disabling the admin account.

The company warned its customers by stating, “recently QNAP has received multiple user reports of hackers attempting to log into QNAP devices using brute-force attacks – where hackers would try every possible password combination of a QNAP device user account. If a simple, weak, or predictable password is used (such as ‘password’ or ‘12345’) hackers can easily gain access to the device, breaching security, privacy, and confidentiality. ”

If threat actor manages to guess the right password then they are able to secure full access of the targeted device, allowing them to exfiltrate confidential documents or install malware. If the hackers are unable to brute-force their way in, the NAS devices’ system logs will mark the attempts and log them with ‘Failed to login’ warning texts.

To protect their devices from ongoing attacks, customers have to enhance NAS security by changing the default access port number, implementing password rotation policies, and disabling the default admin account. Additionally, since the attack is only viable on Internet-facing NAS devices, QNAP recommends customers don’t display their devices on public networks.

Firstly, customers have to create a new system administrator account before disabling the admin account. If the administrator account on QNAP NAS devices is running on QTS 4.1.2 then the following steps will disable the default admin account:

• Go to Control Panel > Users and edit the ‘admin’ account profile.
 
• Tick the ‘Disable this account’ option and select ‘OK’.

Additionally, customers can also configure the NAS device to automatically block IP addresses behind several numbers of troubled login attempts. QNAP has also published a checklist to secure their customers’ device and protect their data:

• Remove unknown or suspicious accounts from the device 

• Download QNAP MalwareRemover application through the App Center functionality 

• Change all passwords for all accounts on the device
 
• Set an access control list for the device (Control Panel > Security > Security level)

Password Guessing Used as a Weapon by SolarWinds Hackers to Breach Targets

 

Cybersecurity and Infrastructure Security Agency (CISA) informed that perpetrators of SolarWinds attack obtained confidential information via common hacker techniques like password guessing, password spraying, and illicitly acquired administrative credentials attainable via external remote access services.

The hackers manipulated the IT management company SolarWinds update to secure unauthorized entrance to government systems. The perpetrators inserted malware into an update the company shared with thousands of its clients which then initiated a command and directed the channel to an external server. Microsoft stated that the hacker’s primary aim was to secure entrance to cloud hosted infrastructure, which at many instances was possessed by the company’s Azure and Microsoft 365 environments. 

The threat actors behind the SolarWinds hack gained access by password guessing [T1101.001], password spraying [T1101.003] and were not consistently counting on the trojanized Orion app as its primary access vector.

CISA has urged the United States government agencies to upgrade the SolarWinds Orion platform to the latest version 2020.2.1HF2 and the agencies that are not willing to upgrade the SolarWinds Orion platform should take their Orion systems offline. The attackers modified several Orion app versions to attach malware and used a malware strain called Sunburst (or Solorigate) to corrupt the Orion app updates, versions 2019.4 via 2020.1 which were released between March 2020 and June 2020.

“CISA has evidence that there are initial access vectors other than the SolarWinds Orion platform and has identified legitimate account abuse as one of these vectors (for details refer to Initial Access Vectors section), specifically, we are investigating incidents in which activity indicating abuse of Security Assertion Markup Language (SAML) tokens consistent with the adversary’s behavior is present, yet where impacted SolarWinds instances have not been identified” the agency stated.

The SolarWinds hack was first discovered by the US Cybersecurity company FireEye on December 8th when the cybersecurity firm released a blog revealing an attack on its systems and the attack have impacted the highest authorities of United States which includes the Department of Homeland Security, Department of Commerce, US Treasury and parts of the Pentagon. The hackers were believed to be from Russia, based on several pieces of evidence, however, Russia constantly denies the allegations.